Three Elements of Crypto Security

Safe zones protect important data

Secret keys remain secret

Crypto mechanisms resist attacks

DeCSS Software

Jon Johansen co-authored DeCSS and released it in 1999. It was quickly distributed via web sites and Internet discussion groups. Some experts questioned its legality, and a few countries passed laws against “copyright circumvention” software. The discussion was complicated in the United States by the First Amendment, arguing that computer software was a form of protected free speech.

Wired article on how DeCSS was developed, and where they got their DVD decryption key.

Keeping Secret Keys Secret

Physically protect them

Make them changeable

Make them hard to guess

Attacking the CSS mechanism

In 1999, Frank Stevenson of CMU reviewed an unofficial copy of the CSS source code program he found on the Internet. He reported significant weaknesses in the stream cipher design. This led to an attack requiring only 225 trials. He could crack a DVD disk key in a matter of seconds.

Vimeo Description

Movie DVDs encrypted their contents to prevent copying. The encryption did not prevent copying.